The hackers are ready. Are we ?

Shopt IT 2015 - 30 aprilKurt Callewaert

HOWEST UNIVERSITY of APPLIED SCIENCES

Lecturer Applied Computer Science- Computer & Cyber Crime Professional

Research manager

ISACA Academic Advocate for Howest University College

Member of the Belgian Cyber Security Coalition

11/05/2015 SHOPT IT 2015 1

11/05/2015 SHOPT IT 2015 2

751.000

Notifications of infected computers in Belgium

(until June 2014)

Number of infected computers in Belgium

3

0

100

200

300

400

500

600

700

800

2010 2011 2012 2013 Q1-Q2 2014

Number of incidents and notifications at CERT.be

116

614

X 5,29 Notifications at CERT.be / month

Incidents atCERT.be / month

4

Kurt Callewaert Kurt.Callewaert@howest.be

• Lecturer Applied Computer Science

* Maths , Problem solving

* Cryptography

* Cybersecurity Management

* IT Governance Cobit 5

* Risk management / assesment

• Research manager

* Research projects

* Internships / Bachelor Proofs

* Challenges , studytours , IT fairs ,…

• Member of the Belgian Cyber Security Coalition

• https://be.linkedin.com/in/kurtcallewaert

11/05/2015 SHOPT IT 2015 5

11/05/2015 SHOPT IT 2015 6

Education Landscape for Cybersecurity

11/05/2015 SHOPT IT 2015 7

Education in IT and Computer Sciences

Education in Information Security and Cybersecurity related domains

Specific courses within other education programs

Check www.b-ccentre.be/education

Check www.b-ccentre.be/education

Following pages list inventoried options

Checkb-ccentre.be/education

11/05/2015 SHOPT IT 2015 8

Education in IT and Computer SciencesSpecific courses within other education

programs

Academic education in Information Security, Cybersecurity and related studies

Inventoried education offering:

• Computer & Cyber Crime Professional (Bachelor) ,HOWEST University of Applied Sciences (Bruges)

• Executive Master of IT Governance And Assurance, Antwerp Management School

• Advanced Master of Intellectual Property Rights And ICT Law, Ku Leuven

• Executive Programme in Security Governance, Solvay Brussels School Of Economics And Management

• Executive Programme in Cybersecurity, Solvay Brussels School Of Economics And Management

• Executive Programme in Information Security, Solvay Brussels School Of Economics And Management

• Executive Master in Information Risk And Cybersecurity, Solvay Brussels School Of Economics And Management

11/05/2015 SHOPT IT 2015 9

Education in Information Security and Cybersecurity related domains

11/05/2015 SHOPT IT 2015 10

COMPUTER & CYBER CRIME PROFESSIONALHOWEST University of Applied Sciences in Brugeswww.howest.be

• Unique training from the age of 17 / 18 years

• Level : Professional Bachelor Applied Computer Science – 3 years

• Technical skills :

Web pentesting, Network & system pentesting, Forensic analysis , Social engineering, Cryptography , Biometrics, …

• Non technical skills :

IT Governance , Information security management , Risk management , Risk assesment , Privacy rules , IT jurisdiction , Cyber crimes, Mobile security management, Cybersecurity , …

• Frameworks :

COBIT 5 , ISO 27001/2 , NIST CSF , PTES , ITIL v3 , OWASP , SANS , …

• Certificates :

CEH , Cisco CCNA , VMware , CSX (Cyber Security neXus)

Ready for CISSP and CISM

• Secure development :

Python, C , C# , PHP, Java , JavaScript , ASP.NET

11/05/2015 SHOPT IT 2015 11

11/05/2015 SHOPT IT 2015 12

11/05/2015 SHOPT IT 2015 13

Traject Computer & Cyber Crime professional HOWEST - Toegepaste informatica

Webbeveiliging I S2

Web pentesting Parcifal Aertssen NL 2

Data mining technieken S3

Wetgeving i.v.m. privacy en databanken en informaticarecht Marc Vael NL 3

Webbeveiliging II S3

Webbeveiligingen en Honeypot Parcifal Aertssen NL 3

Softwareontwikkeling en beveiliging S4

C en Python Jonas Maes NL 3

Computercriminaliteit S4

Computercriminaliteit Guy Verbeeren NL 3

Projecten III S4

Beveiligingsproject in samenwerking met bedrijf of organisatie S5 Kurt Callewaert NL 6

Beveiligingstechnologie II S5

VMware, Cloud computing en beveiliging Tijl Deneut ENG 3

Linux Server security Jonas Maes ENG 3

Forensische ICT en CCNA Security S5

Forensische ICT tools Tijl Deneut ENG 2

CCNA Security Christiaan Ledoux ENG 2

Beveiligingsalgoritmes en -software S5

Beveiligingsalgoritmes - cryptography Kurt Callewaert ENG 3

Netwerk en systeem pentesting Tijl Deneut ENG 3

Beveiligingsbeleid S5

IT Governance Kurt Callewaert ENG 2

Beveiligingsbeleid, threat en risk assessment Kurt Callewaert ENG 2

Webbeveiliging IV S5

Gastsprekers uit de security over onderwerpen die niet aan bod Tijl Deneut ENG 3

kwamen tijdens de lessen vb SCADA

Challenges, seminaries en bedrijfsbezoeken S6 Kurt Callewaert ENG/NL

Deelname Brucon, Infosecurity, Hacking challenges, Fosdem 3

Bezoek NATO en Europol

Bachelorproef en stage S6 Kurt Callewaert ENG/NL

Security stage in een bank, bedrijf of openbare instelling, 27

73

Technische en niet-technische certificaten

11/05/2015 SHOPT IT 2015 14

Secure development

11/05/2015 SHOPT IT 2015 15

Stages en beveiligingsprojecten

11/05/2015 SHOPT IT 2015 16

11/05/2015 SHOPT IT 2015 17

Roadmap security audit (beveiligingsproject)

1. Introductie1.1. Duratie van de audit1.2. Voorwaarden van de audit1.3. Technisch/Organisatorisch1.4. Non-Disclosure Agreement1.5. Penetration Test2. Process flow and phases2.1. Reconnaissance fase2.2. Information Gathering2.3. Information Analysis2.4. Penetration test2.4.1. Network penetration fase2.4.2. Application Penetration test2.4.3. Social Engineering2.4.4. Audits2.5. Conclusie3. Schema Roadmap4. Rapportering4.1 SANS Five Quick Wins5. Bijlagen

11/05/2015 SHOPT IT 2015 18